Flash vulnerability revealed for Android, fix coming November 9th

0

Uh-oh, Flash. In a time when people are questioning your use, you really don’t need a critical security flaw.

Adobe today announced the discovery of a critical vulnerability in Flash for Windows, Mac, Linux, Solaris, and Android that may allow an attacker to take control of your system. To quote:

A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems.

Adobe says that while Android’s Flash Player is affected by the vulnerability, there are currently no reports of any attacks on the platform. Which is good, I guess.

Adobe are, of course, working on a solution, but it won’t be available until November 9th. Until that time, I’d recommend disabling the Flash plug-in on your browser, just to be sure.

In fact, I recommend that you change the “Enable Plug-ins” option to “On Demand” — that way you only get the Flash content that you want (as in, not the ads). Just open up your browser, press the menu key -> More -> Settings -> Enable Plug-ins -> On Demand.